CVE 9.4 CRITICAL

Race Condition allows Bypass of Trust Restrictions_CVE-2025-12383

November 18, 2025 invoker category_cve

9.4 / 10

CRITICAL

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Description

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

AI Analysis

A race condition in Eclipse Jersey can cause ignoring of critical SSL configurations, potentially leading to unauthorized trust in insecure servers.

Basic Information

ID CVE-2025-12383

Source eclipse

Published Nov 18, 2025 at 15:14

Modified Nov 18, 2025 at 21:34

Affected Product

Vendor Eclipse Foundation

Product Jersey

Version 2.45

Affected Versions Eclipse Foundation Jersey 2.45
Eclipse Foundation Jersey 3.0.16
Eclipse Foundation Jersey 3.1.9

CWE Classification

CWE-362

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor Eclipse Foundation

Product Jersey

Version 2.45, 3.0.16, 3.1.9

References

gitlab.eclipse.org /security/cve-assignment/-/issues/74

{
    "lastseen": "",
    "description": "In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)",
    "published": "2025-11-18T15:14:37.765Z",
    "modified": "2025-11-18T21:34:35.027Z",
    "type": "cve",
    "title": "Race Condition allows Bypass of Trust Restrictions",
    "source": "eclipse",
    "references": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/74",
    "id": "CVE-2025-12383",
    "bulletinFamily": "",
    "cwe": [
        "CWE-362"
    ],
    "cvelist": null,
    "sourceData": "Eclipse Foundation Jersey 2.45\nEclipse Foundation Jersey 3.0.16\nEclipse Foundation Jersey 3.1.9",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Jersey",
    "version": "2.45",
    "vendor": "Eclipse Foundation",
    "ai_description": "A race condition in Eclipse Jersey can cause ignoring of critical SSL configurations, potentially leading to unauthorized trust in insecure servers.",
    "ai_severity": "Critical",
    "ai_vendor": "Eclipse Foundation",
    "ai_product": "Jersey",
    "ai_version": "2.45, 3.0.16, 3.1.9",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply